Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-14982

    The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and... Read more

    Affected Products : booking_calendar
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-65349

    A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SS... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2026-21907

    A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the c... Read more

    Affected Products : junos_space
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cryptography

  • 7.1

    HIGH
    CVE-2026-21910

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to... Read more

    Affected Products : junos
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2026-1023

    Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2026-1018

    Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2026-1019

    Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-1021

    Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2026-1020

    Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-14237

    Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-14232

    Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-14234

    Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Seri... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-14231

    Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP67... Read more

    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2021-47813

    Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key f... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2026-1002

    The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 ... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2021-47803

    iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with Loc... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2021-47796

    Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera'... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2021-47814

    NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an applicatio... Read more

    Affected Products :
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2026-22045

    Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines ... Read more

    Affected Products : traefik
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2026-1010

    A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When a... Read more

    Affected Products :
    • Published: Jan. 15, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4362 Results